MagnetGoblin Analysis

IOB - Indicator of Behavior (145)

Timeline

Language

  • en (114)
  • zh (18)
  • ja (4)
  • pl (4)
  • de (4)

Country

  • us (62)
  • cn (18)
  • pl (2)
  • de (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Apple macOS (6)
  • Adobe Photoshop (2)
  • SourceCodester Loan Management System (2)
  • BSD (2)
  • 68k audiofile (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Fix | EPSS | CTI | CVE
1 | PHP Link Directory Administration Page index.html Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.83 | CVE-2007-0529
2 | Esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.63 | CVE-2009-4935
3 | AUO SunVeillance Monitoring System Access Control Picture_Manage_mvc.aspx Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.25088 | 0.02 | CVE-2019-12719
4 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-1875
5 | Adtran SR400ac Ping Command Privilege Escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | CVE-2023-38120
6 | Canon Satera LBP670C CPCA Color LUT Resource Download Process Memory Corruption | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00125 | 0.03 | CVE-2023-6234
7 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php Cross Site Scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2024-1196
8 | Form.io Email Template Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00525 | 0.03 | CVE-2020-28246
9 | SourceCodester Kortex Lite Advocate Office Management System register_case.php SQL Injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-3621
10 | PbootCMS create_function Privilege Escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00257 | 0.04 | CVE-2023-39834
11 | Phplinkdirectory PHP Link Directory conf_users_edit.php Cross-Site Request Forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643
12 | BD Totalys MultiProcessor Weak Authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2022-40263
13 | Petwant PF-103/Petalk AI libcommon.so processCommandUploadSnapshot Memory Corruption | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01831 | 0.04 | CVE-2019-16736
14 | PHPGurukul User Registration & Login and User Management System Search Bar Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-25202
15 | WordPress Directory Traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2023-2745
16 | WordPress Post Author Path Information Disclosure | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00183 | 0.08 | CVE-2017-6514
17 | GNU adns Unknown Vulnerability | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01053 | 0.00 | CVE-2008-4100
18 | Grafana Information Disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00069 | 0.00 | CVE-2019-19499
19 | GARO WALLBOX GLB+ T2EV7 Software Update index.jsp#settings Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-1707
20 | NVIDIA Windows GPU Display Driver DLL Loader Privilege Escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2019-5694

Activities (1)

These are the campaigns that can be associated with the actor:

  • CVE-2024-21887

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Type | Confidence
1 | | CAPEC-10 | CWE-20, CWE-59, CWE-61, CWE-119, CWE-120, CWE-121, CWE-122, CWE-125, CWE-134, CWE-189, CWE-190, CWE-285, CWE-287, CWE-352, CWE-377, CWE-399, CWE-400, CWE-404, CWE-444, CWE-476, CWE-502, CWE-670, CWE-770, CWE-787, CWE-840, CWE-841, CWE-843, CWE-862, CWE-863, CWE-918 | Unknown Vulnerability | predictive
2 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive
3 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive
4 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive
5 | TXXXX.XXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive
6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
7 | TXXXX.XXX | CAPEC-191 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive
8 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive
9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive
10 | TXXXX | CAPEC-0 | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive
11 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxx Xxxxxxxxx | predictive
12 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX, CWE-XXXX | Xxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive
13 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxxx | predictive
14 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive
15 | TXXXX.XXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive
16 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive
17 | TXXXX.XXX | CAPEC-0 | CWE-XX | Xxxxxxxxxxxxx | predictive
18 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive
19 | TXXXX.XXX | CAPEC-0 | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive
20 | TXXXX.XXX | CAPEC-19 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /auth/callback | predictive
2 | File | /control/register_case.php | predictive
3 | File | /etc/init.d/sshd_service | predictive
4 | File | /forum/away.php | predictive
5 | File | /index.jsp#settings | predictive
6 | File | /plain | predictive
7 | File | /proc/self/environ | predictive
8 | File | /xxxxxxx/xxxxx/xxxxxx | predictive
9 | File | /xx_xxx.xxx | predictive
10 | File | /xxx/xxxxxx/xxx/xxx | predictive
11 | File | /xx-xxxx/xxxxxx/x.x/xxxxx?xxx | predictive
12 | File | xxx.xxx | predictive
13 | File | xxx-xxxxxxxxxxx.xxx | predictive
14 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive
15 | File | xxxxxx.xxx | predictive
16 | File | xxxxxxx.x | predictive
17 | File | xxxxxx\xxxxx.xxxxxxx_xxxxxxx.xxx | predictive
18 | File | xx/xxx/xxxxxx/xxxxxxx.x | predictive
19 | File | xxxxx.xxxx | predictive
20 | File | xxxxx.xxx | predictive
21 | File | xxxxxxx.x | predictive
22 | File | xxxxxxxxx.xx | predictive
23 | File | xxxxx.xxx | predictive
24 | File | xxx.x | predictive
25 | File | xxxxxxx.x | predictive
26 | File | xxx_xxxx.xxx | predictive
27 | File | xxxxxx.x | predictive
28 | File | xxxxxxx_xxxxxx_xxx.xxxx | predictive
29 | File | xxxxxxx.xxx | predictive
30 | File | xxx_xxx | predictive
31 | File | xxxxxxx.xxx | predictive
32 | File | xxxxxx-xxxxxxxx-xxxxxx_xx.xxx | predictive
33 | File | xxxxx.x | predictive
34 | File | xxxxx/xxxxxxxx-xxxxxxxxx.xxx | predictive
35 | File | xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxxxxxxxx.xxx | predictive
36 | Library | xxxxxxxxx.x | predictive
37 | Library | xxxxxxxxx | predictive
38 | Argument | xxxxxxx | predictive
39 | Argument | xxxxxxxxx | predictive
40 | Argument | xxxxxx_xxxx | predictive
41 | Argument | xxxxxx | predictive
42 | Argument | xxxxxxx | predictive
43 | Argument | xxxxxx_xxxxxxx | predictive
44 | Argument | xxxxxxx | predictive
45 | Argument | xxx_xxxx | predictive
46 | Argument | xxxxxx['xxxx'] | predictive
47 | Argument | xxxx | predictive
48 | Argument | xxxxxx | predictive
49 | Argument | xxxx | predictive
50 | Argument | xxxx/xxxxxxxxxxx/xxxxxxxxx | predictive
51 | Argument | xxxxxxxxx | predictive
52 | Argument | xxxxx/xxxx_xx/xxxxxx_xxxx/xxxxx/xxxx_xxxx/xxxx_xxxxx/xxxxx_xxxx/xxxxxxxxxxx/xxxxxxx_xxxx/xxxxxxx_xxxx/xxxxxxxx_xxxxxx/xxxxx_xxxx/xxxxxx | predictive
53 | Argument | xxxxxxxx | predictive
54 | Input Value | ../../ | predictive
55 | Network Port | xxx/xx (xxx) | predictive
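To make the unmasked indicators above actionable, the following Python script, added here as an example (it is not VulDB's code, and the log lines are constructed for illustration, not real traffic), matches the File and Input Value indicators from the IOA table against combined-format web access logs. It also serves the Path Traversal row of the TTP table (T1006 / CWE-22): request targets are percent-decoded twice and backslashes folded before matching, so encoded and double-encoded variants of `../../` are caught, and file indicators are matched on path-segment boundaries so that `/plain` does not fire on `/plaintext`. The log format and sample addresses are assumptions of the example.

```python
import re
from urllib.parse import unquote

# Unmasked indicators from the IOA table above (the masked rows are not usable).
FILE_INDICATORS = [
    "/auth/callback",
    "/control/register_case.php",
    "/etc/init.d/sshd_service",
    "/forum/away.php",
    "/index.jsp#settings",
    "/plain",
    "/proc/self/environ",
]
INPUT_VALUE_INDICATORS = ["../../"]

# Combined log format (assumed): client identd user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(target: str) -> str:
    """Percent-decode twice (catches %252e double encoding) and fold
    backslashes to slashes, so ..%5c..%5c and %2e%2e%2f compare equal
    to the plain '../../' indicator."""
    return unquote(unquote(target)).replace("\\", "/")


def _at_segment_boundary(indicator: str, text: str) -> bool:
    """True if the indicator occurs aligned on path-segment boundaries:
    '/plain' hits '/api/plain' and 'file=../plain/x' but not '/plaintext'."""
    pattern = r"(?:^|/)" + re.escape(indicator.lstrip("/")) + r"(?=[/?&#]|$)"
    return re.search(pattern, text) is not None


def match_target(target: str) -> list:
    """Return (class, indicator) hits for one request target.  File
    indicators are checked against the whole normalized target, not just
    the path, because traversal payloads carry the file name in a query
    parameter."""
    norm = normalize(target)
    hits = []
    for ind in FILE_INDICATORS:
        # '#settings' is a URL fragment the browser never sends; match the path part.
        if _at_segment_boundary(ind.split("#", 1)[0], norm):
            hits.append(("File", ind))
    for ind in INPUT_VALUE_INDICATORS:
        if ind in norm:
            hits.append(("Input Value", ind))
    return hits


def scan(log_text: str) -> list:
    """Return (client ip, normalized target, hits) for each line with a hit."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = match_target(m.group("target"))
        if hits:
            results.append((m.group("ip"), normalize(m.group("target")), hits))
    return results


# Constructed sample lines (not real traffic): a plain hit, a percent-encoded
# traversal, a POST to a listed script, a near-miss, and a double-encoded traversal.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:12:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 512
203.0.113.10 - - [10/Mar/2024:12:01:09 +0000] "GET /download?file=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 4096
198.51.100.7 - - [10/Mar/2024:12:02:15 +0000] "POST /control/register_case.php HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2024:12:02:40 +0000] "GET /static/plaintext.css HTTP/1.1" 200 88
192.0.2.5 - - [10/Mar/2024:12:03:00 +0000] "GET /download?file=%252e%252e%252f%252e%252e%252fetc%252finit.d%252fsshd_service HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG):
        print(ip, target, hits)
```

Decoding twice is deliberate: a single `unquote` leaves `%252e%252e%252f` as `%2e%2e%2f`, which a naive substring check for `../` misses. The `/plaintext.css` line is there to show why segment-boundary matching matters for short indicators such as `/plain`; without it every stylesheet named `plaintext` would alert.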

References (2)

The following list contains external sources which discuss the actor and the associated activities:
